Hello All,
I have planted a backdoor on one of the vulnerable machines in a closed environment, and I am just curious to know which log file in the Linux system logs would contain digital footprints of that particular backdoor, so that I can build a dataset for machine learning for future purposes, and how I would find key identifiers for that particular backdoor.
Example: I was able to see nmap scan logs in the Apache server with the IP address, but with the backdoor I am struggling to find whether the system is compromised, as the backdoor is there and I can trigger commands from Kali. How can I identify that the user's host is compromised, or detect the shell commands that I am sending from Kali?